Skip to content

Commit

Permalink
8270380: Change the default value of the java.security.manager system…
Browse files Browse the repository at this point in the history
… property to disallow

Reviewed-by: lancea, mullan, rriggs
  • Loading branch information
wangweij committed Oct 21, 2021
1 parent e39bdc9 commit d589b66
Show file tree
Hide file tree
Showing 6 changed files with 22 additions and 25 deletions.
25 changes: 10 additions & 15 deletions src/java.base/share/classes/java/lang/SecurityManager.java
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@
import java.lang.module.ModuleDescriptor;
import java.lang.module.ModuleDescriptor.Exports;
import java.lang.module.ModuleDescriptor.Opens;
import java.lang.reflect.Member;
import java.io.FileDescriptor;
import java.io.File;
import java.io.FilePermission;
Expand All @@ -48,7 +47,6 @@
import java.util.concurrent.ConcurrentHashMap;

import jdk.internal.module.ModuleLoaderMap;
import jdk.internal.reflect.CallerSensitive;
import sun.security.util.SecurityConstants;

/**
Expand Down Expand Up @@ -77,7 +75,7 @@
* manager routine simply returns if the operation is permitted, but
* throws a {@code SecurityException} if the operation is not
* permitted.
* <p>
* <h2><a id="set-security-manager">Setting a Security Manager</a></h2>
* Environments using a security manager will typically set the security
* manager at startup. In the JDK implementation, this is done by setting the
* system property {@systemProperty java.security.manager} on the command line
Expand All @@ -96,13 +94,13 @@
* {@link System#setSecurityManager(SecurityManager) setSecurityManager} method.
* In the JDK implementation, if the Java virtual machine is started with
* the {@code java.security.manager} system property set to the special token
* "{@code disallow}" then a security manager will not be set at startup and
* cannot be set dynamically (the
* "{@code allow}", then a security manager will not be set at startup but can
* be set dynamically. If the Java virtual machine is started with the
* {@code java.security.manager} system property not set or set to the special
* token "{@code disallow}", then a security manager will not be set at startup
* and cannot be set dynamically (the
* {@link System#setSecurityManager(SecurityManager) setSecurityManager}
* method will throw an {@code UnsupportedOperationException}). If the
* {@code java.security.manager} system property is not set or is set to the
* special token "{@code allow}", then a security manager will not be set at
* startup but can be set dynamically. Finally, if the
* method will throw an {@code UnsupportedOperationException}). Finally, if the
* {@code java.security.manager} system property is set to the class name of
* the security manager, or to the empty String ("") or the special token
* "{@code default}", then a security manager is set at startup (as described
Expand All @@ -127,8 +125,7 @@
* <tr>
* <th scope="row">null</th>
* <td>None</td>
* <td>Success or throws {@code SecurityException} if not permitted by
* the currently installed security manager</td>
* <td>Throws {@code UnsupportedOperationException}</td>
* </tr>
*
* <tr>
Expand All @@ -148,7 +145,7 @@
* <tr>
* <th scope="row">"disallow"</th>
* <td>None</td>
* <td>Always throws {@code UnsupportedOperationException}</td>
* <td>Throws {@code UnsupportedOperationException}</td>
* </tr>
*
* <tr>
Expand All @@ -167,12 +164,10 @@
*
* </tbody>
* </table>
* <p> A future release of the JDK may change the default value of the
* {@code java.security.manager} system property to "{@code disallow}".
* <p>
* The current security manager is returned by the
* {@link System#getSecurityManager() getSecurityManager} method.
* <p>
* <h2><a id="check-permission">Checking Permissions</a></h2>
* The special method
* {@link SecurityManager#checkPermission(java.security.Permission)}
* determines whether an access request indicated by a specified
Expand Down
8 changes: 5 additions & 3 deletions src/java.base/share/classes/java/lang/System.java
Original file line number Diff line number Diff line change
Expand Up @@ -361,9 +361,11 @@ private static URL codeSource(Class<?> clazz) {
* the method simply returns.
*
* @implNote In the JDK implementation, if the Java virtual machine is
* started with the system property {@code java.security.manager} set to
* started with the system property {@code java.security.manager} not set or set to
* the special token "{@code disallow}" then the {@code setSecurityManager}
* method cannot be used to set a security manager.
* method cannot be used to set a security manager. See the following
* <a href="SecurityManager.html#set-security-manager">section of the
* {@code SecurityManager} class specification</a> for more details.
*
* @param sm the security manager or {@code null}
* @throws SecurityException
Expand Down Expand Up @@ -2237,7 +2239,7 @@ private static void initPhase3() {
allowSecurityManager = MAYBE;
}
} else {
allowSecurityManager = MAYBE;
allowSecurityManager = NEVER;
}

if (needWarning) {
Expand Down
4 changes: 2 additions & 2 deletions test/jdk/java/lang/System/AllowSecurityManager.java
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@

/*
* @test
* @bug 8191053
* @bug 8191053 8270380
* @summary Test that the allow/disallow options of the java.security.manager
* system property work correctly
* @run main/othervm AllowSecurityManager
Expand All @@ -35,7 +35,7 @@ public class AllowSecurityManager {

public static void main(String args[]) throws Exception {
String prop = System.getProperty("java.security.manager");
boolean disallow = "disallow".equals(prop);
boolean disallow = !"allow".equals(prop);
try {
System.setSecurityManager(new SecurityManager());
if (disallow) {
Expand Down
6 changes: 3 additions & 3 deletions test/jdk/java/lang/System/SecurityManagerWarnings.java
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@

/*
* @test
* @bug 8266459 8268349 8269543
* @bug 8266459 8268349 8269543 8270380
* @summary check various warnings
* @library /test/lib
*/
Expand Down Expand Up @@ -53,7 +53,7 @@ public static void main(String args[]) throws Exception {

String testClasses = System.getProperty("test.classes");

allowTest(null, testClasses);
disallowTest(null, testClasses);
allowTest("allow", testClasses);
disallowTest("disallow", testClasses);
enableTest("", testClasses);
Expand All @@ -66,7 +66,7 @@ public static void main(String args[]) throws Exception {
Path.of("A.class"),
Path.of("B.class"));

allowTest(null, "a.jar");
disallowTest(null, "a.jar");
} else {
System.out.println("SM is enabled: " + (System.getSecurityManager() != null));
PrintStream oldErr = System.err;
Expand Down
2 changes: 1 addition & 1 deletion test/jdk/sun/security/pkcs11/KeyStore/Basic.java
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
* . 'list' lists the token aliases
* . 'basic' does not run with activcard,
* @library /test/lib ..
* @run testng/othervm Basic
* @run testng/othervm -Djava.security.manager=allow Basic
*/

import java.io.*;
Expand Down
2 changes: 1 addition & 1 deletion test/jdk/sun/security/pkcs11/Provider/MultipleLogins.sh
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ TEST_ARGS="${TESTVMOPTS} -classpath ${TESTCLASSPATH} \
${TESTJAVA}${FS}bin${FS}java ${TEST_ARGS} MultipleLogins || exit 10

# run test with security manager
${TESTJAVA}${FS}bin${FS}java ${TEST_ARGS} MultipleLogins useSimplePolicy || exit 11
${TESTJAVA}${FS}bin${FS}java ${TEST_ARGS} -Djava.security.manager=allow MultipleLogins useSimplePolicy || exit 11

echo Done
exit 0

1 comment on commit d589b66

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.